Updated Branches: refs/heads/master 723a45573 -> 54127f838
CLOUDSTACK-2758: Fix permissions of catalina.out Because of CVE 2013-1976, catalina.out gets owned by root. Since cloudstack-management is run under a privileged user env. of cloud have cloud ($TOMCAT_USER) own the catalina.out. Signed-off-by: Prasanna Santhanam <t...@apache.org> Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/54127f83 Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/54127f83 Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/54127f83 Branch: refs/heads/master Commit: 54127f838eb0904c89d87aea34cffad6eb738fd6 Parents: 723a455 Author: Prasanna Santhanam <t...@apache.org> Authored: Mon Jun 3 13:53:19 2013 +0530 Committer: Prasanna Santhanam <t...@apache.org> Committed: Mon Jun 3 13:54:52 2013 +0530 ---------------------------------------------------------------------- client/tomcatconf/classpath.conf.in | 8 ++++++++ 1 files changed, 8 insertions(+), 0 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/54127f83/client/tomcatconf/classpath.conf.in ---------------------------------------------------------------------- diff --git a/client/tomcatconf/classpath.conf.in b/client/tomcatconf/classpath.conf.in index 3ae0fb4..f2aeeba 100644 --- a/client/tomcatconf/classpath.conf.in +++ b/client/tomcatconf/classpath.conf.in @@ -36,3 +36,11 @@ done export CLASSPATH PATH=/sbin:/usr/sbin:$PATH export PATH + +#catalina.out owned by `cloud` not `root` +if [ ! -f $TOMCAT_LOG ]; then + touch $TOMCAT_LOG + chown $TOMCAT_USER:$TOMCAT_USER $TOMCAT_LOG +else + chown $TOMCAT_USER:$TOMCAT_USER $TOMCAT_LOG +fi
